From: Bryce <wilcoxb@nag.cs.colorado.edu>
To: Jiri Baum <jiri@baum.com.au>
Message Hash: a343e8b66ead92b2a1fe283c0538085f29c925b249eb61a575ab3a74ee61feea
Message ID: <199602131752.KAA12867@nag.cs.colorado.edu>
Reply To: <199602131244.XAA00168@mail.mel.aone.net.au>
UTC Datetime: 1996-02-14 01:22:14 UTC
Raw Date: Wed, 14 Feb 1996 09:22:14 +0800
From: Bryce <wilcoxb@nag.cs.colorado.edu>
Date: Wed, 14 Feb 1996 09:22:14 +0800
To: Jiri Baum <jiri@baum.com.au>
Subject: An entity calling itself Kilroy was probably here (was: Web Page Authentication (was: Anti-Nazi Authentication) )
In-Reply-To: <199602131244.XAA00168@mail.mel.aone.net.au>
Message-ID: <199602131752.KAA12867@nag.cs.colorado.edu>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
This quotes some mail sent directly to me by (probably) an
entity calling itself "Jiri Baum". I apologize in advance
if said probable entity is offended at my broadcasting his
words, but I thought it was a good contribution to cpunks.
(Which, cosmos knows, could use some good contributions
that aren't just rehashes of the eternal floating
"libertarianism" Usenet flamewar/rantfest.)
(Hereafter knowns as "the EFLUFR", pronounced "Effluffer".)
+---+---- Bryce
| |
+---+------ Probably an entity calling itself Jiri
| | | |
v v v v
> > > > An entity calling itself Jiri Baum
> > > > <jirib@sweeney.cs.monash.edu.au> probably wrote:
> > > ...
> > >
> > > Probably? Didn't I sign it? :-)
> >
> >
> >Ah, grasshopper... If there was a good path between you and
> >I in the Web of Trust, *then* I would take out the
> >"probably". :-)
> ...
>
> I guess it depends on whether we are talking about "Jiri Baum wrote"
> (about which you'd be perfectly right) or "An entity calling itself
> Jiri Baum wrote". Witness:
> + there exists an entity which controls the PGP key in question
> (*)
> + that entity calls itself "Jiri Baum" (key signature)
> + that entity wrote the text in question (text signature)
>
> Therefore, an entity calling itself Jiri Baum wrote the text in
> question. No need for a web of trust - as they say on Star Trek,
> simple logic will suffice :-)
Well now let's say that an active attacker had supplanted
your public key with his own. He is not, really, an entity
who calls himself "Jiri". I mean, sure by using a public
key which he controls and which has "Jiri" on it he is
calling himself "Jiri", but he rarely if ever actually talks
to people and says things which those people associate with
the name "Jiri". More significantly, he never thinks of
*himself* as "Jiri". So in this most fundamental sense he
does not "call himself Jiri".
*You* are the entity who calls yourself Jiri, and I can only
say that you "probably" wrote the above because I'm not sure
if you actually control the public key associated with your
name.
Tim May's solipsistic conflation of appearance and identity
notwithstanding.
I guess we are just using different semantics for "an entity
calling itself". I didn't want to say "an entity whose One
True Name is 'Jiri Baum'", because I don't believe in One
True Names. I can see how my choice of words was confusing
though, since Mitch (the Man In The CHannel) can be seen as
"calling itself 'Jiri Baum'".
Maybe I'll start saying "An entity who creates the output
which we associate with the nym 'Jiri Baum'...", in order to
point out that the actual "Jiri" makes this stuff up and
Mitch just relays it with perhaps some editing. But then
what if Mitch took a more active role, putting words in your
mouth and so forth? Maybe I should say "An entity who calls
itself 'Jiri Baum' and is more or less unaware of any nym
collision regarding that nym...".
Yeah, that one seems bulletproof...
> True - I guess that's another use - a time-stamping service could
> sign any page that asks for it. Time to whip up yet another CGI
> script! (When/if I have the time - this one ain't so simple because
> it has to get the page off the web.)
Wei Dai <weidai@eskimo.com> and Matthew Richardson
<matthew@itconsult.co.uk> have both done this. I suspect
that Wei's time-stamping service is not still functional.
(A pity. We need redundancy for added assurance.)
I myself use Usenet and mailing lists as a sort of poor
man's time-stamping service. If I invent an idea or some
prose, and I sign it and then broadcast it thusly, I think
enough people will keep a record of it having been in
existence with my signature on it at this time, that I can
later call on them to testify to that effect. Hopefully.
Yet another reason to clearsign my output.
Okay I will try to find responses to this even if they are
buried in the EFLUFR. (All hail GREP!)
Regards,
Bryce
"Toys, Tools and Technologies"
the Niche
New Signal Consulting -- C++, Java, HTML, Ecash
Bryce
PGP sig follows
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01
iQCVAwUBMSDPpPWZSllhfG25AQFrUgP+IzidvICvkApSl87b03f4Ebatwcmg05cJ
QF3jE7SbmRpcJshE6Cty5Lu3revBeGknRI3VDMoS4n0fCIxjq3D592d5mqOjwN0e
QV620Aq2cnJZ3LRknZtaIGNluedkC4iG2xM3VzxIbVVGmmGEbhwEhKNmFEqWr2um
SdDPSWvtnhs=
=sc0s
-----END PGP SIGNATURE-----
Return to February 1996
Return to “Bryce <wilcoxb@nag.cs.colorado.edu>”
Unknown thread root